From: Joseph Myers <joseph@codesourcery.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: "Cristian Rodríguez" <crrodriguez@opensuse.org>,
libc-alpha@sourceware.org
Subject: Re: [PATCH 2/2] linux: posix_spawn: return EINVAL on argc < 1
Date: Fri, 28 Jan 2022 18:03:46 +0000 [thread overview]
Message-ID: <alpine.DEB.2.22.394.2201281753070.658852@digraph.polyomino.org.uk> (raw)
In-Reply-To: <a9828191-eb42-ded7-a29f-2768ed94d906@linaro.org>
On Fri, 28 Jan 2022, Adhemerval Zanella via Libc-alpha wrote:
> Since Linux is discussing changing the execve syscall [1], I think it would be
> better to do the same not only for posix_spawn, but rather for all execve
> functions.
>
> And since all ends up calling execve, even posix_spawn, I think it would be
> better to:
>
> 1. Make posix/execve.c call __execveat.
> 1.1. It would also allow removing the Hurd implementation 'sysdeps/mach/hurd/execve.c'
> 2. Add the proper check on generic, Linux, and Hurd implementation execveat.
> 2.1. Maybe even add __execveat_internal that just issues the syscall and lets the
> generic wrapper handle the argument parsing.
> 3. Add a regression test.
>
> I also think returning EINVAL is better than the kernel EFAULT one (it
> seems that the last message on thread does settle for that).
Apart from the need for a test, a note under "Deprecated and removed
features, and other changes affecting compatibility" in NEWS, and
documentation in the manual if there's an appropriate place for it to go
(there is for execve; posix_spawn isn't documented in the manual at all),
I'd also think it would be better in terms of application compatibility to
construct an array { pathname, NULL } and pass that in place of argv when
argv[0] is NULL (*not* when argv[0] is an empty string, I don't see a
problem with an empty string there), rather than returning an error.
That's more similar in spirit to what we do with reopening fds 0, 1, 2 if
not open at startup (but I'd also tend to think the kernel is a better
place than libc to deal with this, given that anything the *calling*
program does in userspace with execve can't avoid security issues in the
*called* program with NULL argv[0] - in the case of fds 0, 1, 2 glibc is
addressing the problem state directly in the *called* process).
I don't think the "should" in the POSIX specification of posix_spawn is
very relevant as a justification for the patch (it only requires things
for Strictly Conforming POSIX Applications).
--
Joseph S. Myers
joseph@codesourcery.com
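As an added illustration (not code from glibc or from any participant in this thread), a small C sketch of the two policies discussed above: substituting a constructed { pathname, NULL } array when argv is NULL or argv[0] is NULL, while leaving an empty-string argv[0] untouched, alongside the alternative of returning EINVAL. The wrapper execve_with_argv0 and the helper functions are hypothetical names chosen for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Return an argv that is safe to hand to execve: the caller's argv when it
 * already has at least one element, otherwise the caller-provided two-slot
 * fallback filled with { pathname, NULL }.  An empty string in argv[0] is
 * deliberately left alone; only a missing argv[0] is substituted. */
static char *const *normalize_argv(const char *pathname, char *const argv[],
                                   char *fallback[2])
{
    if (argv != NULL && argv[0] != NULL)
        return argv;
    fallback[0] = (char *)pathname;   /* constructed argv[0] = program path */
    fallback[1] = NULL;
    return fallback;
}

/* Alternative policy from the patch under review: refuse an empty argv.
 * Returns -1 with errno set to EINVAL when argv has no elements, else 0. */
static int check_argc_at_least_one(char *const argv[])
{
    if (argv == NULL || argv[0] == NULL) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

/* Hypothetical user-space wrapper: normalize argv, then exec.  As noted in
 * the message, this protects only callers that go through the wrapper; the
 * called program still sees whatever a raw syscall passes it. */
static int execve_with_argv0(const char *pathname, char *const argv[],
                             char *const envp[])
{
    char *fallback[2];
    return execve(pathname, normalize_argv(pathname, argv, fallback), envp);
}

/* Helpers that expose the normalization decision for checking. */
static const char *effective_argv0(const char *pathname, char *const argv[])
{
    char *fallback[2];
    return normalize_argv(pathname, argv, fallback)[0];
}

static int uses_fallback(const char *pathname, char *const argv[])
{
    char *fallback[2];
    return normalize_argv(pathname, argv, fallback) == fallback;
}
```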